Log in

Cart

Your cart is currently empty.

Continue shopping
Total
£0.00

UK GDPR

I. Scope of Application

This policy applies to the processing of personal data of users located in the United Kingdom. It applies in particular where services or products are offered to UK users or where their online behaviour is monitored, regardless of whether the data processing itself takes place outside the United Kingdom.

This policy covers personal data stored electronically or in structured paper filing systems. Purely personal or household activities are excluded from its scope.

II. Core Principles

All personal data processing must comply with the following principles:

Lawfulness, fairness and transparency: Personal data must be processed lawfully, fairly and in a transparent manner.

Purpose limitation: Data must be collected for specified, explicit and legitimate purposes only.

Data minimisation and accuracy: Only data that is necessary shall be collected, and it must be kept accurate and up to date.

Storage limitation: Data shall be retained only for as long as necessary and deleted or anonymised thereafter.

Integrity and confidentiality: Appropriate technical and organisational measures must be implemented to protect data against unauthorised access, loss or disclosure.

III. Data Subject Rights

Under the UK GDPR, users have the following rights:

The right to be informed, access and rectify their personal data.

The right to erasure, where applicable.

The right to restrict or object to certain types of processing.

The right to data portability.

The right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

Users under the age of 16 must obtain consent from a parent or legal guardian.

IV. Obligations of Third-Party Processors

Any third-party processors involved in logistics, customer support, hosting or technical services must:

Process data only on documented instructions.

Implement appropriate security measures.

Assist users in exercising their data protection rights.

Notify and cooperate promptly in the event of a data breach.

Maintain required processing records and report to authorities when legally required.

V. International Data Transfers

Where personal data is transferred outside the United Kingdom, adequate safeguards must be ensured, including:

UK adequacy regulations or approved Standard Contractual Clauses (SCCs).

Additional protective measures such as encryption and access controls where necessary.

VI. Supervision and Penalties

The UK Information Commissioner’s Office (ICO) has the authority to:

Monitor and audit data processing activities.

Suspend or prohibit non-compliant processing.

Impose administrative fines of up to £20 million or 4% of global annual turnover, whichever is higher.

VII. Compliance Commitments

The platform commits to:

Maintaining user control over personal data.

Ensuring transparency and traceability in processing activities.

Implementing appropriate technical and organisational safeguards.

VIII. Contact Information

Address: PO BOX 10744, FAIRBANKS, AK 99710, US

Phone: +1 (239) 573-1878

Email: commande@designroomz.com

Business Hours: Monday to Friday, 9:00–12:30 / 14:00–18:00 (CET)

IX. UK GDPR Article 27 Representative

A UK representative has been appointed to handle requests relating to access, rectification, erasure or restriction of personal data.

Contact: commande@designroomz.com

Requests will be handled during business hours.